On 6/5/2014 11:31 PM, Green, Gatewood wrote:
Openssl-0.9.8za will not build in FIPS mode. The openssl-fips-1.2(.4) seems to be missing the symbol BN_consttime_swap.
By the way, the BN_consttime_swap implementation in 1.0.1g (still downloading 1.0.1h) doesn't seem to completely match its description: - If nwords is 0, the code will overflow the input buffers by pretending that nwords is 10. Adding "case 0" to the bottom of the switch should fix that. - If BN_ULONG is not exactly BN_BITS2 in size, the condition may also bit mishandled, is this property guaranteed by the type definitions on all platforms? - Other than the assert checking the power-of-2 assumption, the code should work with any condition in the range 0 to (1 << (BN_BITS32-1)) inclusive, but not for larger values. - The only thing that needs a and b to be different variables is the assert checking that condition. At least this is how I read the code. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org